Anonymous/Secret Web Hosting... WITHOUT TOR

Leaving aside the issues of TOR and TOR browser, the CP and the vulnerabilities, sometimes it's just not a real option for your website, but you want to maintain your privacy anyways. It seems like it is possible to host on clearnet without getting compromised. TPB hasn't had any major arrests in a long time, and their servers are very resilient, showing that it's possible to evade the wrath of the FBI and MPAA cartel while giving people a clearnet website to connect to. Here's a somewhat vague article on their setup:
torrentfreak.com/the-pirate-bay-runs-on-21-raid-proof-virtual-machines-140921/
I guess my main questions are these:
The article says that the real servers are hidden because the user-facing servers have an encrypted connection to the real servers. But couldn't NSA/GCHQ/etc just look at the patterns of web requests coming from the user-facing servers?
And what's the main entry point for end users? The proxy server? The load balancer?
How would one go about creating a setup with a main server hidden behind other servers?

Attached: main-qimg-9ce5cb32df32aa930fbefcf6388fb320.jpg (211x239, 15.29K)

Other urls found in this thread:

metrics.torproject.org/networksize.html
tinhat233xymse34.onion/blog/thoughts/i2p-survey.html
torproject.org/projects/torbrowser/design/
twitter.com/NSFWRedditImage

Are you stupid? You set up 20 public facing servers at rando places, and they proxy to your back-end. It's not complicated. Its also a shitty solution compared to tor.

Ok, so NSA or whoever just investigates what servers the public-facing servers are connecting to. Then they find the back-end. Right?

They could go find the proxy / load balancer tier and see where they connect. With literally anything they can do that. You can use a proxy chain to make it much harder.

So what's keeping TPB up? NSA just won't help out the feds? Servers are in uncooperative countries where it actually is hard for the NSA to snoop via ISP or physical access?

...or you could just use Tor

What are they doing that is illegal? They share magnet links. They don't host any files.

Maybe they are still alive because they are controlled by the feds...

I'm on the anti-copyright side here, but do you think "I don't sell illegal goods, I just tell people where they can buy illegal goods for a small fee" should be a valid defense?
If unauthorized copying is illegal it's reasonable for knowingly facilitating that on a massive scale to be illegal. The issue here is unauthorized copying, not technicalities about magnet links.

they've been busted in the past.

how could the feds really benefit from that?

how is this anything of any significance? there isn't even a normalfag narrative that "tor is bad/immoral because of CP" yet
what fucking vulnerabilities? tor adds like 5 vulns on top of the 6000000000 vulns you already have from using a modern OS and browser

The people running TPB are pretty much untouchable by the fuzz. A bunch of the Demonoid guys ended up working for the Bay.

why would they want to shut down a public torrent tracker? they can datamine the actual users downloading the torrents much easier this way, they can see what's popular and seed it themselves, then burn/datamine the users.

If they shut it down and push all public trackers underground into private tracker realms, it'll me more difficult to datamine the downloaders.

Keep telling yourself that retard, if some forum loser like you can get in so can professional infiltrators, and it only takes one.

Tor is a shitty solution compared to IPFS if avoiding censorship is your primary goal.

You can't do shit on IPFS, and its trivial to see who has what downloaded. You want the world to know that your computer is full of CP? Retarded. Not to mention you cant run things that need actual databases and to do computation.

And convicted of what? Getting arrested on X shitty grounds and then convicted of tax fraud is something that happens all the time.

Serving up backdoors in pirated Windows and games?

lrn2gateway. It's how CIAniggers use Tor while everyone else is just making noise with that shitty compromised browser.

IPFS does not help with anonymity at all.

wtf I love the NSA now

Not only does it not help with anonymity, it does not even allow you to use tor.

bump

Use I2P. Very simple to host your own website, and some people can even do it for you. Nobody can figure out where your website is, and torrenting is supported in many different ways through it. Although it would be pretty pointless to host the Pirate Bay on I2P because they already have a few torrenting websites that everyone already uses.

maybe you should stop being a fucking degenerate, then
though you do have a point, what you said could also apply to (((hate speech))) or anything else (((they))) don't want you to have

CP is just the universal hot potato word.

Okay, FBI ;-) Will host from my home connection from now on.

i2p is painfully slow and has a dogshit interface.

You're absolutely right but there is an entire thread here of brainlets who haven't figured that shit out yet.

OH NO NO NO NO NO HAHAHAHAHAHAHA

Elaborate. How is using a text browser with %0.000001 market share and tunneling your entire traffic through a single circuit is better than using a browser that builds new routes for every domain and has a uniform fingerprint across its users?

Lower attack surface, less vulnerabilities, more security.
There is no "good" or "bad" in this perspective.
Yes, it has a more unique fingerprint, but the location is still anonymized.
Imagine browsing 4ch/g with default Tor browser (javascript on) when Hiroshima decides to turn on js miners that also carry a rootkit payload and few zero-days for Firefox. All vanilla Torbrowserfags are btfo-ed unless they use Qubes or a disposable machine and dedicated gateway, a CIA nigger with Links feels himself just fine and continues to 8ch/tech.
And he didn't say anything about single circuit, you can run multiple circuits with it too.
Tor Browser is crowd wearing slightly different Guy Fawkes masks, text browser piped with Tor gateway is like wearing a close helm.

You should head over to Reddit buddy.

Ever take a dive into your torrc file? You can set per-service, per-client, and per-port circuit differentiation even for transparent proxying/gatewaying. Dive into the source code to up the number of hops in your circuits (at the cost of responsiveness/speed).

What if the user sets the security slider to the safest? It disables javascript, svg, math symbols and many more attack surfaces that could be used to exploit the browser. How does this setup compares to yours?

Very interesting. I will look into it. But while I am at sacrificing the speed for security shouldn't using I2P be better for my use case?

meanwhile your bullshit corporate dogshit browser with 10 billion lines of C++/JS rubberstamp code has unlimited ways to identify you and every script kiddie has his own set of 5 or so techniques
for example because it uses some dumbass nigger API configuration to display JPEGs, you can put certain info in a JPEG file and then use JS (for simplification. these issues exist even without JS) to query the file and it will give you some unique information about your system. made up example but there are literally millions of things like this

and CSS and 5 million other components nobody even knows about are still active

Tor has more nodes. I don't think circuit extension is visible to the nodes (i.e. it shouldn't make the tunnels look different to the intermediary nodes).

Tor has approximately ~6000 nodes and ~2000 bridges.(1) A study made by The Tin Hat concluded that there are at least ~50000 actively participating nodes in the I2P network.(2)

I think the security by default models are more sensible than roll-your-own ones. Firstly because a user can skip trivial-looking details with, in some cases, life threatening consequences. Second, not everybody is knowledgeable enough to provide enough technical skills to construct a proper setup. More users will inevitably create more noise in the network, therefore strengthing it. And third, Tor doesn't include a global adversary with timing attack capabilities in its threat model. It implies that increasing the node numbers is not in the interest of its developers so the users who need semi resistance against timing attacks are better with I2P.

(1) - metrics.torproject.org/networksize.html
(2) - tinhat233xymse34.onion/blog/thoughts/i2p-survey.html


provide some real world examples
Tor Browser uses special configurations to mitigate attacks made through CSS. For example the default window size is set to 1000*1000 and Tor Browser warns you if you change it because CSS reports the window size back to the website and creates a more unique fingerprint of the user. There are million attacks on modern browsers and here is the million mitigations the Tor Browser Bundle taken against them:
torproject.org/projects/torbrowser/design/

WHAT IF PUBLIC FACING SERVERS CONNECT TO MAIN SERVER USING TOR?
so main server only is accessible with Tor. and public servers connect to it using Tor, public servers do not know the address of main server

but how about domain? FBI will just take your domain and shut it down. and users are too dumb to use IP addresses or Tor.


but nobody will use tor-only website. people are dumb and lazy. I hate humans


nothing.
but
if it's in jewish/corporate/NWO interests the FBI will come to your house and murder you

Or your ISP or ICANN can do a IP redirect for your jurisdiction of that one IP to a honeypot.

Yeah they probably wouldn't be too successful in doing that though. "Behind every blade of grass."